Every CVE whose affected-product data names Mozilla Convict, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (3)
CVE-2023-0163 — CVSS 8.4 (high): Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability in Mozilla Convict. This allows an…
CVE-2022-21190 — CVSS 7.5 (high): This affects the package convict before 6.2.3. This is a bypass of [CVE-2022-22143](https://security.snyk.io/vuln/SNYK-JS-CONVICT-2340604)…
CVE-2022-22143 — CVSS 7.5 (high): The package convict before 6.2.2 are vulnerable to Prototype Pollution via the convict function due to missing validation of parentKey…